GSA seeks help in tracking sensitive info

GSA RFI for tracking sensitive data extracts

More than a year after the Office of Management and Budget required agencies to manage, track and erase personal information extracted from databases, the General Services Administration is asking industry for suggestions on how to accomplish that goal.

In a request for information issued July 17, GSA, on behalf of OMB, asked vendors to submit software and system ideas that meet the Bush administration’s goal. OMB had originally required agencies to comply with the mandate within 45 days. But more than a year later, few, if any, agencies have done so.

Experts say the requirement to log data extracts is the most difficult to complete. They say agencies need to know what sensitive data is in a database before deciding how to log it. Others say analyzing thousands of daily logs is the biggest challenge.

Despite those challenges, OMB expects agencies to comply with the mandate, and GSA’s RFI will help agencies know what is available from industry.

In the RFI, GSA asks vendors to describe their approaches, practices and capabilities for providing the services and whether their software must be customized to meet agencies’ needs.

GSA detailed 19 high-level objectives and six other supplemental goals in the RFI.

Among them are the ability to:
  • Identify or tag and log sensitive data that is removed from secure databases.
  • Manage various electronic formats, including database extracts, images, PDF files and other documents.
  • Log, track and report sensitive information for pending distribution, such as e-mail messages, instant messages and Web postings.
  • Manage sensitive data to determine any reconfiguration either by converting or by dissecting and infusing data from one format or document type to another.
  • Automatically alert agency officials when sensitive data exists 90 days after it is no longer needed.
  • Automate the proactive erasure or relocation of sensitive data.
  • Provide proactive scanning of network segments or specific nodes for sensitive data creation, storage and compliance with time-based erasure, relocation or archival policies.
  • Track and report when sensitive data is written to mobile storage and media devices.

GSA also described the potential components of a system, which include a monitoring appliance, a monitoring application, a management console and a scanning appliance.

Responses are due Aug. 13.
